The Business (and Success) of Ransomware Explained as a Simple Funnel

Ransomware Extortion TacticsThe rise of Ransomware-as-a-Service has given rise to a number of more successful groups who have their “business” down to a simple exercise of playing the numbers.

In any business, the Sales efforts can be expressed as a series of numbers in a Marketing and Sales funnel, showing, basically, “if you add so many people at the top of the funnel, you get so many sales at the bottom.” For example, if you have 100 prospects visiting your website, you might have 15 that register for your product or service. And of those 15, five will have a real need, budget, and timeframe to purchase. And of those 5, two of them will actually close.

With the massive numbers of organizations and users within, it’s expected that the more sophisticated groups have a general idea that for every X number of organizations targeted, Y number of them will succumb to a ransomware attack, yielding an average of Z dollars.

Don’t believe me?

In a recent post from Microsoft explaining the cybercrime economy, they devised their own funnel of sorts based on what they’ve observed with customers:

The Business (and Success) of Ransomware Explained as a Simple FunnelSource: Microsoft

According to this funnel, 1 out of every 2500 organizations is a successful ransomware attack. And I would take this number to the bank, given the sheer number of attacks Microsoft’s security team has insight into.

If you’re a math person, you might think “eh, that’s four one-hundredths of a percent. We’re ok.” But note that just under 1% of all organizations attacked are successfully compromised. That means that even if you won’t ever need to be faced with the prospect of paying a ransom, you still will need to deal with the breach, notify shareholders, involve law enforcement, disrupt operations, etc.

So, every organization is participating in this number’s game – whether you like it or not. And the difference between those that are in the “20” or the “1”, and those that aren’t depends on your preventative security strategy that had better include Security Awareness Training to ensure that same funnel like thinking about the .001% of phishing emails that make their way to the Inbox don’t make the difference between your organization being one of the 2480 that aren’t affected, or the 21 that are.

Get Your Ransomware Hostage Rescue Manual

Ransomware Hostage Rescue Manual Cover 2022This 26-page manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with ransomware. You also get a Ransomware Attack Response Checklist and Prevention Checklist. You will learn more about:

  1. What is Ransomware?
  2. Am I Infected?
  3. I’m Infected, Now What?
  4. Protecting Yourself in the Future
  5. Resources

Don’t be taken hostage by ransomware. Download your rescue manual now! 

Get Your Manual

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Ransomware

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews